cyber security news

55 Zero-Day Vulnerabilities Weaponized in 2022

Mar 21, 2023 by iHash Leave a Comment

Mar 21, 2023Ravie LakshmananCyber Threat Intel / Vulnerability As many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most of the flaws discovered in software from Microsoft, Google, and Apple. While this figure represents a decrease from the year before, when a staggering 81 zero-days were weaponized, it still represents a significant uptick in … [Read more...] about 55 Zero-Day Vulnerabilities Weaponized in 2022

Evades Macro Security via OneNote Attachments

Mar 20, 2023 by iHash Leave a Comment

Mar 20, 2023Ravie LakshmananEndpoint Security / Email Security The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems. Emotet, linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542, continues to be a … [Read more...] about Evades Macro Security via OneNote Attachments

Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack

Mar 18, 2023 by iHash Leave a Comment

Mar 18, 2023Ravie LakshmananNetwork Security / Cyber Espionage The zero-day exploitation of a now-patched medium-severity security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group. Threat intelligence firm Mandiant, which made the attribution, said the activity cluster is part of a broader campaign designed to deploy backdoors … [Read more...] about Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack

Infamous BreachForums Mastermind Arrested in New York

Mar 18, 2023 by iHash Leave a Comment

Mar 18, 2023Ravie LakshmananCyber Crime / Data Breach U.S. law enforcement authorities have arrested a New York man in connection with running the infamous BreachForums hacking forum under the online alias "Pompompurin." The development, first reported by Bloomberg Law, comes after News 12 Westchester, earlier this week, said that federal investigators "spent hours inside and … [Read more...] about Infamous BreachForums Mastermind Arrested in New York

Winter Vivern APT Group Targeting Indian, Lithuanian, Slovakian, and Vatican Officials

Mar 17, 2023 by iHash Leave a Comment

The advanced persistent threat known as Winter Vivern has been linked to campaigns targeting government officials in India, Lithuania, Slovakia, and the Vatican since 2021. The activity targeted Polish government agencies, the Ukraine Ministry of Foreign Affairs, the Italy Ministry of Foreign Affairs, and individuals within the Indian government, SentinelOne said in a report … [Read more...] about Winter Vivern APT Group Targeting Indian, Lithuanian, Slovakian, and Vatican Officials

What’s Wrong with Manufacturing?

Mar 16, 2023 by iHash Leave a Comment

In last year's edition of the Security Navigator we noted that the Manufacturing Industry appeared to be totally over-represented in our dataset of Cyber Extortion victims. Neither the number of businesses nor their average revenue particularly stood out to explain this. Manufacturing was also the most represented Industry in our CyberSOC dataset – contributing more Incidents … [Read more...] about What’s Wrong with Manufacturing?

Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company

Mar 15, 2023 by iHash Leave a Comment

Mar 15, 2023Ravie LakshmananCyber Attack / Data Safety A cyberespionage actor known as Tick has been attributed with high confidence to a compromise of an East Asian data-loss prevention (DLP) company that caters to government and military entities. "The attackers compromised the DLP company's internal update servers to deliver malware inside the software developer's network, … [Read more...] about Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company

Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities

Mar 14, 2023 by iHash Leave a Comment

Mar 14, 2023Ravie LakshmananNetwork Security / Cyber Attack Government entities and large organizations have been targeted by an unknown threat actor by exploiting a security flaw in Fortinet FortiOS software to result in data loss and OS and file corruption. "The complexity of the exploit suggests an advanced actor and that it is highly targeted at governmental or … [Read more...] about Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities

Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom

Mar 13, 2023 by iHash Leave a Comment

Mar 13, 2023Ravie LakshmananEnterprise Security / Privacy More than a dozen security flaws have been disclosed in E11, a smart intercom product made by Chinese company Akuvox. "The vulnerabilities could allow attackers to execute code remotely in order to activate and control the device's camera and microphone, steal video and images, or gain a network foothold," Claroty … [Read more...] about Researchers Uncover Over a Dozen Security Flaws in Akuvox E11 Smart Intercom

BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads

Mar 11, 2023 by iHash Leave a Comment

Mar 11, 2023Ravie LakshmananCyber Threat Intelligence The malware downloader known as BATLOADER has been observed abusing Google Ads to deliver secondary payloads like Vidar Stealer and Ursnif. According to cybersecurity company eSentire, malicious ads are used to spoof a wide range of legitimate apps and services such as Adobe, OpenAPI's ChatGPT, Spotify, Tableau, and … [Read more...] about BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads

Leather AirTag Case – Camo for $29

Microsoft Office Home and Business for Mac 2021 Lifetime License (MJVE2LLA Bundle) for $451

Microsoft Office Home and Business for Mac 2021 Lifetime License (MQD42LLA Bundle) for $475

30W Slim Wall Charger Black for $39

Mac 360° Aluminum Foldable Stand for $99